Volume License Keys: Changes with Windows XP Service Pack 1

Published: August 23, 2002 | Updated: November 24, 2003

Microsoft® Windows® XP Service Pack 1 (SP1) contains three changes of importance to customers using Volume License Keys (VLKs):

Eligibility for Windows XP Service Pack 1.

Eligibility for access to Windows Update.

Ability to encrypt a VLK for unattended setup of Windows XP.

One important thing is not changing: The existing VLK for Windows XP Professional issued to you by Microsoft will continue to work with Windows XP Professional with SP1.

Eligibility for Product Updates

Software updates are intended for use by legally licensed users of Microsoft products. Microsoft is striving to ensure that licensed users continue to get updates uninterrupted by software pirates. Users of pirated software hurt licensed users by taking bandwidth from download servers and software updates intended for licensed users.

Microsoft has determined through investigations that most pirated installations are made with either of two VLKs. VLKs are used by corporate or other volume license customers to install Windows XP on their computers. These two particular VLKs, however, were never in use by a customer in a production deployment. Product keys are 25-character alphanumeric codes arranged in five groups of five characters each and used during setup to install the product. The product key produces the product ID number that, after setup is completed, is displayed on the General tab in the System Properties dialog box.

Windows XP SP1 ships with a list of the two product IDs that are created by the pirated VLKs. To determine eligibility for the update, Windows XP SP1 compares the Windows XP product ID on the system to this list. The comparison and the list reside locally on the user's computer; no information is sent to Microsoft as part of this process. The Windows XP SP1 installation will fail on computers with the following product IDs:

XXXXX-640-0000356-23XXX

XXXXX-640-2001765-23XXX

If installation fails for this reason, this message will be displayed:

Service Pack 1 Setup Error

The product key used to install Windows is invalid. Please contact your system administrator or retailer immediately to obtain a valid product key. You may also contact Microsoft Corporation's Anti-Piracy Team by e-mailing piracy@microsoft.com if you think you have purchased pirated Microsoft software. Please be assured that any personal information you send to the Microsoft Anti-Piracy team will be kept in strict confidence.

To determine the Windows product ID on your computer:

1. On the taskbar, click the Start button.

2. Right-click My Computer, and then click Properties.

3. On the General tab, examine the number that is listed under Registered to:

System administrators may find it useful to check the product ID through the Registry Editor. The registry path is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId

Licensed customers are not affected by this anti-piracy change.
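
For administrators who need to check many machines before rolling out SP1, the comparison described above can be reproduced over collected registry output. The following is an added example, not Microsoft code: it assumes each "X" in the two listed product IDs stands for any single character, that the ProductId value was captured with reg query, and the host names and IDs in the sample are constructed.

```python
import re

# The two masked product IDs listed on this page. Assumption: each "X" stands
# for any single character; every other position must match exactly.
BLOCKED_PATTERNS = ("XXXXX-640-0000356-23XXX", "XXXXX-640-2001765-23XXX")

# Matches the ProductId value line in `reg query` output, for example:
#     ProductId    REG_SZ    12345-640-1234567-23042
VALUE_LINE = re.compile(r"^\s*ProductId\s+REG_SZ\s+(\S+)\s*$", re.I | re.M)

def mask_to_regex(mask):
    """Turn a masked ID into an anchored regex (X -> one alphanumeric)."""
    body = "".join("[0-9A-Za-z]" if ch == "X" else re.escape(ch) for ch in mask)
    return re.compile(r"\A" + body + r"\Z")

BLOCKED = [mask_to_regex(m) for m in BLOCKED_PATTERNS]

def extract_product_id(reg_output):
    """Return the ProductId string from `reg query` output, or None."""
    m = VALUE_LINE.search(reg_output)
    return m.group(1) if m else None

def is_blocked(product_id):
    """True if the ID matches either masked pattern in full."""
    return any(rx.match(product_id) for rx in BLOCKED)

def audit(inventory):
    """Map host -> 'blocked' | 'ok' | 'unknown' for collected reg output."""
    result = {}
    for host, text in inventory.items():
        pid = extract_product_id(text)
        result[host] = "unknown" if pid is None else ("blocked" if is_blocked(pid) else "ok")
    return result

# Constructed sample data: host names and product IDs are made up.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
SAMPLE = {
    "ws-01": KEY + "\n    ProductId\tREG_SZ\t12345-640-0000356-23117\n",
    "ws-02": KEY + "\n    ProductId    REG_SZ    12345-640-1234567-23042\n",
    "ws-03": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

Hosts reported as "unknown" returned no ProductId value and need to be checked by hand.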


Access to Windows Update

Access to Windows Update is likewise reserved for licensed users. Windows Update determines eligibility for access to its service by checking that the product key used to install Windows XP is valid and was manufactured by Microsoft. When a user visits the Windows Update website, two pieces of information are transmitted to Windows Update: the product ID and a hash value of the product key used to install Windows XP. (A hash value is a one-way mathematical transformation. This value is transmitted in lieu of the entire product key to safeguard privacy and security.) Windows Update compares the product key hash value and the product ID to a list of valid, Microsoft-manufactured product keys. Because this list is very large—about 1 billion values—the information must be validated on the Microsoft side. Once Windows Update validates the transmitted product key hash value and product ID, it discards the information. Neither the product key hash value nor the product ID is stored by Windows Update, and no personally identifiable information is required to access Windows Update.


Volume License Key Encryption

Service Pack 1 adds an encryption feature to unattended setups of Windows XP. This feature is applicable to customers with volume licensing agreements with Microsoft such as Microsoft Select, Microsoft Enterprise Agreement, and Microsoft Open License. Customers who place a VLK in an unattended setup file (unattend.txt) will be able to encrypt the VLK such that it will be time-limited (in increments of 5–60 days) and not visible as plain text. This feature provides customers deploying Windows XP with an additional layer of protection by obscuring the VLKs in unattended installations.

How to Use VLK Encryption

Scenario 1

To protect for 30 days SMS-based, RIS-based, or network file share-based installs using the volume licensing version of Windows XP:

1. From the command prompt, run:
winnt32 /encrypt:"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX:30" /unattend:path_to_destination_unattend_file [/Q]

2. The resultant hash value is written to the specified unattended file, overwriting any existing ProductKey or ProductID entries.
A message box displays whether the process succeeds or fails due to an error.
If the /Q switch is used, information about the success or failure is written to the file %Windir%\Winnt32.log.

3. The product key entry in the unattend.txt file is functional for 30 days after the date of encryption.

A script to re-encrypt the key regularly could be created to ensure that a new encrypted key is always available for the install. The Task Scheduler could also be used to schedule this task to be repeated automatically.

Scenario 2

To protect for five days a CD-based install using the volume licensing version of Windows XP:

1. From the command prompt, run:
winnt32 /encrypt:"XXXXX-XXXXX-XXXXX-XXXXX-XXXXX:5" /unattend:path_to_destination_unattend_file [/Q]

2. The resultant hash value is written to the specified unattended file, overwriting any existing ProductKey or ProductID entries.
A message box displays whether the process succeeds or fails due to an error.
If the /Q switch is used, information about the success or failure is written to the file %Windir%\Winnt32.log.

3. The product key entry in the unattend.txt file is functional for five days after the date of encryption.

The unattended file could then be placed on a floppy disk or burned to a custom CD image to provide a short-lived CD for CD-based installations.

